[ https://issues.apache.org/jira/browse/CLOUDSTACK-7028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14113552#comment-14113552 ]

Jayapal Reddy commented on CLOUDSTACK-7028:
-------------------------------------------

Problem:
-----------
Static NAT does not work after failover in RVR. This issue is there only for 
the additional public subnets case.

Root Cause Analysis:
----------------------------
For the additional public subnet case in RVR, when failover happens there is no 
mechanism to add routes for the additional subnets
in enable_pubip.sh.

When the backup switches to master, enable_pubip.sh is called. Its 
responsibility is to bring up public interfaces and add routes for the 
interface.

Due to this, the ingress traffic coming in on eth3 is going out via eth2.
To add routes, gateway and device information is needed, which is not 
available in the router dynamically.

Proposed solution:
------------------------
Once we have gw and device information in the VR we can add routes for 
additional subnets.
So we are maintaining the gw and device information in 
/var/cache/cloud/ifaceGwIp in the VR.
Using this information, routes are added for additional public subnet 
interfaces in enable_pubip.sh when the VR switches to master.

QA Verification steps:
----------------------------
To verify this we need two isolated public subnets in the lab.
In our current lab all public subnets are reachable from each other. In this 
case you can't reproduce the issue.
Take public subnets, ex: 52, 53. From the 52 subnet gateway, the 53 subnet 
should not be reachable.

Verification steps:
1. Create an RVR network and acquire an additional public ip range (ex: 47 vlan 
and 10.147.47.x subnet)
2. Create a static nat rule on an additional range public ip and add a firewall 
rule for port 22-22
3. ssh to the public ip, it gets connected to the vm
4. Now make the master VR down, the backup will become master.
5. On the master router on eth3 there should be a default route. 
command to check:
ip route show table Table_eth<devNum>
7. The static nat rule on the public ip of the additional subnet should work.
8. Make sure, by capturing the traffic, that it enters a device and leaves via 
the same device.


> [RVR] Static NAT does not work after the fail-over in additional public range
> -----------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-7028
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7028
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Network Controller
>    Affects Versions: 4.0.0
>            Reporter: Jayapal Reddy
>            Assignee: Jayapal Reddy
>             Fix For: 4.4.0
>
>
> On failover, the route got missed in the master router.
> Reproducing steps:
> 1. Create an RVR network and acquire an additional public ip range (ex: 47 
> vlan and 10.147.47.x subnet)
> 2. Create a static nat rule on an additional range public ip and add a 
> firewall rule for port 22-22
> 3. ssh to the public ip, it gets connected to the vm
> 4. Now make the master VR down, the backup will become master.
> 5. On the master router on eth3 the default route got missed, which is 
> causing the ingress traffic coming to eth3 to go out via eth2.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
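
An added example, not part of the original comment or of CloudStack's own scripts: a shell check for verification step 5 that decides, from the output of `ip route show table Table_eth<devNum>`, whether that table holds a default route leaving via the same device. The function names, the gateway addresses and the sample route listings are constructed for illustration.

```shell
#!/bin/sh
# Added example for verification step 5 (not CloudStack code).
#
# has_default_route DEV ROUTES
#   DEV    - interface name, e.g. eth3
#   ROUTES - text as printed by: ip route show table Table_<DEV>
# Returns 0 only when ROUTES contains a default route whose "dev" is DEV,
# i.e. replies to traffic that entered on DEV will leave on DEV as well.
has_default_route() {
    dev=$1
    printf '%s\n' "$2" | awk -v dev="$dev" '
        $1 == "default" {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) == dev) found = 1
        }
        END { exit !found }'
}

# check_router DEV
# Runs the command from step 5 on the router itself and reports the result.
check_router() {
    dev=$1
    routes=$(ip route show table "Table_$dev" 2>/dev/null)
    if has_default_route "$dev" "$routes"; then
        echo "OK: Table_$dev has a default route via $dev"
    else
        echo "MISSING: no default route via $dev in Table_$dev"
        return 1
    fi
}

# Constructed sample listings (not captured from a real router).
# Healthy table after failover:
SAMPLE_GOOD='default via 10.147.47.1 dev eth3
10.147.47.0/24 dev eth3 scope link'
# The state described in the bug: the default route is missing.
SAMPLE_MISSING='10.147.47.0/24 dev eth3 scope link'
# A default route that leaves via a different device does not count.
SAMPLE_WRONG_DEV='default via 10.147.46.1 dev eth2'
```

On the new master router, `check_router eth3` runs the check against the live table; repeat it for each additional public interface.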
